Free Malware Removal Forum


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.

Hi sjs

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:

Perform all actions in the order given.

If you don't know, stop and ask! Don't keep going on.

Please reply to this thread. Do not start a new topic.

Stick with it till you're given the all clear.

Remember, absence of symptoms does not mean the infection is all gone.

Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.

Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)

If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.

Double click on ComboFix.exe and follow the prompts.

As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip

Now click on Report to open the log file created by TDSSKiller in your root directory C:\

Post the contents in your next reply please.

DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:

DDS.txt

TDSSKiller log

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Hi Gary, below is the DDS.txt, but then there is a PROBLEM. I have TDSSKiller.exe on my desktop, but when I run it, it comes up with "initialising" for about 2 seconds, then the computer immediately closes down and re-starts. I then thought that the VirusGuard was supposed to be still turned off so I tried again with it off and the same thing happened. On the second restart it came up with a - Symantec Service Framework Error Signature szAppName : ccsvchst.exe szAppVer : 109.0.3.4 szModName : ccl90u.dll szModVer : 109.0.3.4 offset : 00062102 [not sure if that is any help...]

So sorry I haven't got back to you sooner, I did not get notification of your post, so was not aware that you had posted a reply. My most sincere apology.

Your DDS log shows you still have a TDL infection, but since TDSSKiller seems to be having problems we'll need to use another tool on it. I first need to run a scan to see if this tool can see the version of TDL you have since it does not remove them all.

It's not 100% clear from your log, but I believe you have one of the newer versions of TDL rootkit.

Like the others this one re-writes the Master Boot Record (MBR) of your hard drive, but unlike most of the earlier versions this one cannot be removed whilst Windows is running, so we need to remove it whilst booted to Recovery Console (which Combofix installed earlier).

This procedure is not entirely without risk.

I will take precautions to minimise them, but I would still advise you to ensure you have a back-up of your personal files and folders before going any further.

Before we attempt to fix things I'd like to make a backup of your Master Boot Record (MBR) so we can restore it if anything goes wrong.
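The following is an added example, not part of the thread and not the method of any tool named in it: a check that a saved MBR backup is a well-formed 512-byte sector, with hashes and the partition table recorded so the backup can be verified before it is ever restored. It assumes the backup is a raw dump of sector 0; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed sample sector: empty boot code, one active NTFS partition."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[446:462] = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 204800)
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)

def inspect_mbr_backup(data):
    """Validate a saved MBR sector and summarise it for later comparison."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("MBR backup must be exactly 512 bytes, got %d" % len(data))
    if data[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        raw = data[446 + 16 * i: 462 + 16 * i]
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("partition %d has invalid status 0x%02x" % (i, status))
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        # Boot code area (first 440 bytes) hashed separately from the table.
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": partitions,
    }

def same_partition_table(a, b):
    """True when two MBR sectors carry an identical partition table."""
    return a[446:510] == b[446:510]

if __name__ == "__main__":
    info = inspect_mbr_backup(build_sample_mbr())
    print(info["sha256"])
    print(info["partitions"])
```

Recording the hash when the backup is taken lets you confirm the file is unchanged before restoring it, and comparing partition tables guards against writing back a sector that no longer matches the disk layout.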
